Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25956 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp/crm | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
In the “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2, admin-level users have “Modify” access to change other users’ details, but the application fails to validate an already existing “Login” name when renaming the user “Login”. This leads to complete account takeover of the victim user, because the password gets overwritten for the victim user having a similar login name.
| CVE-2021-25778 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
| CVE-2021-25768 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
| CVE-2021-25755 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 1.9 LOW | 2.5 LOW |
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.
| CVE-2021-25735 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.
| CVE-2021-25695 | 1 Teradici | 1 Pcoip | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver.
| CVE-2021-25672 | 1 Mendix | 1 Forgot Password | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.
| CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2024-11-21 | N/A | 7.8 HIGH |
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.
| CVE-2021-25649 | 1 Avaya | 1 Aura Utility Services | 2024-11-21 | 2.1 LOW | 4.9 MEDIUM |
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.
| CVE-2021-25648 | 1 Testes-codigo | 1 Testes De Codigo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering with the boolean value of parameters "isAdmin" and "isPremium" located on device storage.
| CVE-2021-25631 | 1 Libreoffice | 1 Libreoffice | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
| CVE-2021-25527 | 1 Samsung | 1 Pay | 2024-11-21 | 2.1 LOW | 3.8 LOW |
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows an attacker to access the Bill Pay and Recharge menu without authentication.
| CVE-2021-25526 | 1 Samsung | 1 Blockchain Wallet | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows an attacker to execute a privileged action.
| CVE-2021-25514 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
Improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.
| CVE-2021-25507 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows the Samsung Flow PC application connected with the user device to access part of the notification data in Secure Folder without authorization.
| CVE-2021-25504 | 1 Samsung | 1 Group Sharing | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows an attacker to access contact information.
| CVE-2021-25501 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM |
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows an untrusted application to call some protected providers.
| CVE-2021-25490 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows an attacker to trigger an IV reuse vulnerability with a privileged process.
| CVE-2021-25472 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows an untrusted application to overwrite some Bluetooth information.
| CVE-2021-25470 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
Improper caller check logic of the SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise the TEE.
| CVE-2021-25463 | 1 Samsung | 1 Penup | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.
| CVE-2021-25460 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
| CVE-2021-25459 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
| CVE-2021-25453 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows an untrusted application to get Bluetooth information.
| CVE-2021-25448 | 1 Samsung | 1 Smart Touch Call | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.
| CVE-2021-25447 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.
| CVE-2021-25446 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
| CVE-2021-25440 | 1 Samsung | 1 Factorycamerafb | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.
| CVE-2021-25439 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
| CVE-2021-25438 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.
| CVE-2021-25437 | 1 Linux | 1 Tizen | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to achieve arbitrary code execution by replacing the FOTA update file.
| CVE-2021-25433 | 1 Linux | 1 Tizen | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using a dbus signal.
| CVE-2021-25431 | 2 Google, Samsung | 2 Android, Cameralyzer | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.
| CVE-2021-25426 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.
| CVE-2021-25417 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
| CVE-2021-25412 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.
| CVE-2021-25405 | 1 Samsung | 1 Notes | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.
| CVE-2021-25403 | 2 Google, Samsung | 2 Android, Account | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows an attacker to access contacts and the file provider using the SettingWebView component.
| CVE-2021-25401 | 1 Samsung | 1 Health | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows an attacker to execute a privileged action.
| CVE-2021-25400 | 1 Samsung | 1 Internet | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows an attacker to execute a privileged action.